Security

A scourge of robocalls urging Americans to “stay safe and stay home” has gotten the attention of the FBI and the New York attorney general over concerns of voter suppression. The brief message, which doesn’t specifically mention Election Day, has prompted New York Attorney Genera

One of the most active and notorious data-stealing ransomware groups, Maze, says it is “officially closed.” The announcement came as a waffling statement, riddled with spelling mistakes and published on its website on the dark web, which for the past year has published vast troves of st

A shared user account used by WeWork employees to access printer settings and print jobs had an incredibly simple password — so simple that a customer guessed it. Jake Elsley, who works at a WeWork in London, said he found the user account after a WeWork employee at his location mistakenly left t

Google has dropped details of a previously undisclosed vulnerability in Windows, which it says hackers are actively exploiting. As a result, Google gave Microsoft just a week to fix the vulnerability. That deadline came and went, and Google published details of the vulnerability this afternoon. The

The U.K.’s ICO has reduced the size of a data breach penalty for hotel business Marriott — dropping it to £14.4 million (~$23.8 million) in a final penalty notice, down from the £99 million ($123 million) figure that the watchdog initially said it would levy in July 2019. The fine rel

Enso Security, a Tel Aviv-based startup that is building a new application security posture management platform, today announced that it has raised a $6 million seed funding round led by YL Ventures, with participation from Jump Capital. Angel investors in this round include HackerOne co-founder an

Microsoft says hackers backed by the Iranian government targeted over 100 high-profile potential attendees of two international security and policy conferences. The group, known as Phosphorus (or APT35), sent spoofed emails masquerading as organizers of the Munich Security Conference, one of the m

President Trump’s campaign website was briefly and partially hacked Tuesday afternoon as unknown adversaries took over parts of the page, replacing them with what appeared to be a scam to collect cryptocurrency. There is no indication, despite the hackers’ claims, that “full acces

Immigration law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed a data breach involving the personal information of current and former Google employees. The New York-based law firm provides companies with employment verification screening services to determine if employees are eligible an

A Dutch security researcher says he accessed President Trump’s @realDonaldTrump Twitter account last week by guessing his password: “maga2020!”. Victor Gevers, a security researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, which finds an

Year after year, phishing remains one of the most popular and effective ways for attackers to steal your passwords. As users, we’re mostly trained to spot the telltale signs of a phishing site, but most of us rely on carefully examining the web address in the browser’s address bar to ma

According to President Trump speaking at a campaign event in Tucson, Arizona, on Monday, “nobody gets hacked.” You don’t need someone who covers security day in and day out to call bullshit on this one. “Nobody gets hacked. To get hacked you need somebody with 197 IQ and he

Six Russian intelligence officers accused of launching some of the “world’s most destructive malware” — including an attack that took down the Ukraine power grid in December 2015 and the NotPetya global ransomware attack in 2017 — have been charged by the U.S. Justice Departme

Fearing the spread of coronavirus, jails and prisons remain on lockdown. Visitors are unable to see their loved ones serving time, forcing friends and families to use prohibitively expensive video visitation services that often don’t work. But now the security and privacy of these systems are